MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20acf8e3536debdf0686fc565b0528a0d25672c7360c39602ab6a59629e53308. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 20acf8e3536debdf0686fc565b0528a0d25672c7360c39602ab6a59629e53308
SHA3-384 hash: 00da1001b2f28fb6883329e03e6f0b8737213ddac2492b6dbc7365d902bedf7a98db2b0683b6b04ee5293e85a372c854
SHA1 hash: 5073c46db4e6687b71aa364576cff556c70c3de5
MD5 hash: 68c84c3d05d64295d15000e6af1ad71a
humanhash: nitrogen-yankee-gee-hamper
File name:6bbc0000.dll
Download: download sample
File size:13'706'240 bytes
First seen:2021-06-22 11:01:30 UTC
Last seen:2021-06-22 11:42:38 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash bdd425891fb6d9a9fec416c5a82781e4
ssdeep 196608:nREvxmF/1WafqWBXekUiu/EJz+Lw7RNpgcHertHevkOLgD+17WvteBxbo/IT98/1:nr7vO9/VhuLbRD1GmZA
TLSH 3DD6AD46EB479EA7DE570B73CEBBE33F0738CA41E951CEA6CA18C168E8573124257604
Reporter 0x746f6d6669
Tags:DanaBot dll

Intelligence

File Origin
# of uploads :
2
# of downloads :
344
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Pseudosigner-36
Create hunting rule

Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/48196bba-51ae-4b57-a13d-799888aa218f
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/805899
Signature
Found Tor onion address
May use the Tor software to hide its network traffic
Tries to evade analysis by execution special instruction which cause usermode exception
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 438310 Sample: 6bbc0000.dll Startdate: 22/06/2021 Architecture: WINDOWS Score: 52 37 Found Tor onion address 2->37 39 May use the Tor software to hide its network traffic 2->39 8 loaddll32.exe 1 2->8         started        process3 process4 10 cmd.exe 1 8->10         started        12 rundll32.exe 8->12         started        14 rundll32.exe 8->14         started        16 10 other processes 8->16 process5 18 rundll32.exe 10->18         started        20 WerFault.exe 9 12->20         started        22 WerFault.exe 12->22         started        24 WerFault.exe 14->24         started        26 WerFault.exe 14->26         started        28 WerFault.exe 2 9 16->28         started        30 WerFault.exe 20 9 16->30         started        process6 32 WerFault.exe 3 9 18->32         started        signatures7 35 Tries to evade analysis by execution special instruction which cause usermode exception 32->35
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/20acf8e3536debdf0686fc565b0528a0d25672c7360c39602ab6a59629e53308/
Verdict:
unknown
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210622-eyjlr4ty9a/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
20acf8e3536debdf0686fc565b0528a0d25672c7360c39602ab6a59629e53308
MD5 hash:
68c84c3d05d64295d15000e6af1ad71a
SHA1 hash:
5073c46db4e6687b71aa364576cff556c70c3de5
Link:
https://www.unpac.me/results/5bbb918c-a18f-4623-9a5a-20758d25ba1a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/20acf8e3536debdf0686fc565b0528a0d25672c7360c39602ab6a59629e53308

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments